Installation

Can you help me troubleshoot my Splunk Enterprise (7.2.1) install on Win10 (64-bit)?

irios86
Engager

Hello,

I'm new here and I'm trying to utilize the free training courses offered under the Splunk Veterans program. I'm at the point where I need to start the labs, but I can't get Splunk Enterprise to install on either my desktop or laptop. Both machines are running Windows 10 64-bit (1803) code. I am using an administrator level account and I have verbose logging from msiexec. On both of my machines, it keeps failing at the SetAllUsers portion:

Action start 16:59:57: SetAllUsers.
MSI (c) (28:B0) [16:59:57:971]: Invoking remote custom action. DLL: C:\Users\irios\AppData\Local\Temp\MSI9407.tmp, Entrypoint: SetAllUsersCA
MSI (c) (28:28) [16:59:57:972]: Cloaking enabled.
MSI (c) (28:28) [16:59:57:972]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (28:28) [16:59:57:972]: Connected to service for CA interface.
SetAllUsers:  Debug: Num of subkeys found: 1.
SetAllUsers:  Info: Previously installed Splunk product is not found.
SetAllUsers:  Error: Failed SetAllUsers: 0x2.
SetAllUsers:  Info: Leave SetAllUsers: 0x80004005.
CustomAction SetAllUsers returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 16:59:57: SetAllUsers. Return value 3.

I have already tried sfc /scannow on both of my systems, and no issues were discovered.

I'm completely lost at this point and I really don't want to do a clean install on either of my systems. Does anyone have any idea what could be causing this issue?

Thanks in advance!

0 Karma
1 Solution

irios86
Engager

Well, I only spent 4 hrs digging around before caving-in and posting the question here. 30 minutes after posting I figured it out. I always keep the Administrator account disabled. I figured it was worth a shot enabling and it and logging in as Administrator. Low and behold, it installed without a hitch using the Administrator account.

I went through the install process and then I logged back in using my normal account. Since Splunk installs for all users, I was able to re-disable my Administrator account and still use Splunk on my normal account.

Hope this helps someone else! I don't understand why it didn't work before since my normal user account is part of the Administrators group. Either way, not bothered because now I can press on.

Thanks!

View solution in original post

0 Karma

irios86
Engager

Well, I only spent 4 hrs digging around before caving-in and posting the question here. 30 minutes after posting I figured it out. I always keep the Administrator account disabled. I figured it was worth a shot enabling and it and logging in as Administrator. Low and behold, it installed without a hitch using the Administrator account.

I went through the install process and then I logged back in using my normal account. Since Splunk installs for all users, I was able to re-disable my Administrator account and still use Splunk on my normal account.

Hope this helps someone else! I don't understand why it didn't work before since my normal user account is part of the Administrators group. Either way, not bothered because now I can press on.

Thanks!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...